CVE-2023-7158

CVSS V2 None CVSS V3 None

Description

A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.

Overview

CVE ID
CVE-2023-7158

Assigner
VulDB

Vulnerability Status
PUBLISHED

Published Version
2023-12-29T06:31:04.450Z

Last Modified Date
2023-12-29T06:31:04.450Z

Weakness Enumerations

CWE	URL
CWE-122	http://cwe.mitre.org/data/definitions/122.html

References

Reference URL	Reference Tags
https://vuldb.com/?id.249180	vdb-entry technical-description
https://vuldb.com/?ctiid.249180	signature permissions-required
https://github.com/micropython/micropython/issues/13007	exploit issue-tracking
https://github.com/micropython/micropython/pull/13039	issue-tracking
https://github.com/micropython/micropython/pull/13039/commits/f397a3ec318f3ad05aa287764ae7cef32202380f	issue-tracking patch
https://github.com/micropython/micropython/releases/tag/v1.22.0	patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEK46QAJOXXDZOWOIE2YACUOCZFWOBCK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E2HYWCZB5R4SHY4SZZZSFDMD64N4SOZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3WWY5JY4RTJE25APB4REGDUDPATG6H7/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-7158
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7158

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 02:57:10				Added to TrackCVE